The Internet's Immune System

• Previous message (by thread): The Internet's Immune System
• Next message (by thread): The Internet's Immune System
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It would be useful if these sites allowed you to query them with CIDR ranges to 
see if your site had originated any traffic that triggered their sensor arrays. The 
IDS community never seems to have wrapped its collective head around routing 
information. Looking up single IP addrs is just cosmetic. A real service would 
allow for concerned sites to check their entire address allocations. 

The solution we have takes a massive amount of data munging of a routing
table and is still experimental, but until attacks can be mapped to meaningful Internet
topographical information, the real value of these distributed IDS efforts cannot be fully 
exploited.  

I can forsee the argument that people shouldn't be able to look up other sites
which might be compromised, but if they are really so concerned, they should 
get their sites patched. 




--
Jamie.Reid, CISSP, jamie.reid at mbs.gov.on.ca
Senior Security Specialist, Information Protection Centre 
Corporate Security, MBS  
416 327 2324 
>>> "Bryan Bradsby" <Bryan.Bradsby at capnet.state.tx.us> 11/12/03 04:25pm >>>

> Devise a system that assumes owners of IP space WANT to know about problems.
> report --open-proxy 192.168.1.1 <logfiles
> and have a report sent to whoever needed to know about it.

http://www.Incidents.org
http://www.Dshield.org/howto.php
http://www.MyNetWatchman.com

-bryan bradsby
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: TEXT.htm
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20031112/32e63950/attachment.ksh>

• Previous message (by thread): The Internet's Immune System
• Next message (by thread): The Internet's Immune System
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]